230 likes | 827 Views
Cyber-Security: A Stochastic Modeling Approach for Security Quantification. K. Ruwani M. Fernando & Prof. Chris P. Tsokos. Presentation overview. Introduction Cyber-Security Analytical Framework Stochastic Modeling: Discrete-Time & Continuous-Time Markov Chains
E N D
Cyber-Security: A Stochastic Modeling Approach for Security Quantification K. Ruwani M. Fernando & Prof. Chris P. Tsokos
Presentation overview • Introduction • Cyber-Security Analytical Framework • Stochastic Modeling: Discrete-Time & Continuous-Time Markov Chains • Quantitative Security Assessment • Illustration • Conclusions
Introduction • Cyber Attacks becomes more and more sophisticated & complex. • Losses due to such attacks are immense varying from loss of money and confidential information to the spoilage of reputation. • Therefore, it is extremely important for corporations to have security metrics in order to mitigate the security risks. • During the operational lifetime of a system, it can alternate between different security states, mainly due to intrusion attempts of attackers. • The behavior of an attacker can be described by the transitions between states of the system where each transition is caused by attacker’s event. • Since both the event and the time it will occur is random, the states of a network system and the attacker behavior can be modeled as a stochastic process, which can capture its dynamical behavior.
CYBER Security ANLYTICAL FRAMEWORK Stochastic modeling Model Representation
Discrete-Time Markov Chain • In this study, we assume that the transition probabilities do not depend on time (), which is called the time homogeneity. Thus, . • The Probability Transition Matrix P has its entry as:
Continuous-Time markov chain: Infinitesimal Generator • G is not a stochastic matrix: Diagonals are negative. Entries can be greater than 1. Row sums to zero. Diagonal entries are negative of holding time. Off-diagonal elements are instantaneous transition rates, . • ; Exponential rate of transition from state to state • ; Average time needed to transit form to • ; Average amount of time (sojourn time) spent in each state (holding time) • If transition rates (are available: : The rate that the process leaves state is equal to the sum of the rates from to each of the next states.
ILLUSTRATION 1 (dtmc) : SPECIFYING THE MODEL State Space Model Transition Probability Matrix
ILLUSTRATION 1…… • Probability Transition Matrix • Most probable Goal • Most Critical Attack State • Expected Path Length =
ILLUSTATION 11 (ctmc) : SPECIFYING THE MODEL Attack Progression Model Infinitesimal Generator
ILLUSTRATION II • Transition Intensities estimated from data (G • Mean sojourn times • Transition Probability Function: P(10) • Fundamental Matrix • MTSSF
conclusion • Model presented is concentrated on attacks launched remotely through internet. • Current Model focuses primarily on software vulnerabilities. • Any attack scenarios involve four states: breach, strike confidentiality, strike integrity, and strike availability—remarkably similar to the states we present here. • The obtained security measures: The amount of steps performed in each attack scenario, the most probable goal, Expected path length, Mean Time to Security Failure(MTTSF) • Estimating the transition probabilities, transition rates and holding times have always been the biggest challenges for security assessment.
REFERNCES • Madan, Bharat B., et al. "A method for modeling and quantifying the security attributes of intrusion tolerant systems." Performance Evaluation 56.1 (2004): 167-186. • Abraham, Subil, and Suku Nair. "Exploitability analysis using predictive cybersecurity framework." Cybernetics (CYBCONF), 2015 IEEE 2nd International Conference on. IEEE, 2015. • Leversage, David John, and Eric James Byres. "Estimating a system's mean time-to-compromise." IEEE Security & Privacy 6.1 (2008). • Trivedi, K. S. (2016). Probability and statistics with reliability, queuing, and computer science applications.